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Critical Microsoft Bulletin: Cumulative Security 
Update for Internet Explorer (MS04-025) 


ADVISORY OVERVIEW 


July 30, 2004 - Qualys™ Vulnerability R&D Lab has released a new 
vulnerability signature in the QualysGuard® Service to protect 
organizations against the new Microsoft® vulnerability that was 
announced earlier today. Customers can immediately audit their 
networks for this and other new vulnerabilities by accessing their 
QualysGuard subscription. 


VULNERABILITY DETAILS 


Microsoft released a critical cumulative patch today which fixes a series 
of flaws in their Internet Explorer Web browser. All versions of Internet 
Explorer from IE 5.01 SP2 through IE 6 SP1 running on all versions of 
Microsoft Windows are vulnerable to these exposures. Exploitation of 
these vulnerabilities could result in complete compromise of the host and 
remote code execution. 


More information can be found on Microsoft's website: 


http: //www.microsoft.com/technet/security/bulletin/ms04-025.mspx 


HOW TO PROTECT YOUR NETWORK 


Audits for the new Microsoft Critical Security vulnerability are already 
available in the QualysGuard vulnerability management platform. A 
default scan using authentication will detect these issues and is the 
recommended detection method. In addition QualysGuard users can 
perform a selective scan for these specific vulnerabilities using the 
following settings: 


e Enable scanning of TCP ports 135-139 
e Enable Microsoft Internet Explorer Multiple Vulnerabilities (MS04- 
025) 
o Qualys ID: 100008 
o Windows login required 
e Additionally, enable the "Windows Host Name" signature with 
Qualys ID 82044 if you want to report on vulnerable hosts by 
Windows (NetBIOS) machine name. 


TECHNICAL SUPPORT 


For more information, customers may contact Qualys Technical Support 


directly at support@qualys.com or by telephone toll free at: 
US: 1 866.801.6161 | EMEA: 33 1 44.17.00.41 | UK: +44 1753 872102 


ABOUT QUALYSGUARD 


QualysGuard is an on-demand security audit service delivered over the 
web that enables organizations to effectively manage their vulnerabilities 
and maintain control over their network security with centralized reports, 
verified remedies, and full remediation workflow capabilities with trouble 
tickets. QualysGuard provides comprehensive reports on vulnerabilities 
including severity levels, time to fix estimates and impact on business, 
plus trend analysis on security issues. By continuously and proactively 
monitoring all network access points, QualysGuard dramatically reduces 
security managers’ time researching, scanning and fixing network 
exposures and enables companies to eliminate network vulnerabilities 
before they can be exploited. 


Access for QualysGuard customers: https://qualysquard.qualys.com 


Free trial of QualysGuard service: 
http ://www.qualys.com/forms/trials/qualysquard _trial 
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